Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/18057a-7c28-44b0-b346-99097670b44e/1/1Fb4jd1urOHJo5_owKu58GeUbfQ.roa
File:                     1Fb4jd1urOHJo5_owKu58GeUbfQ.roa (raw, json)
Hash identifier:          HWTH5r2vvToQGYptxfGymBxA0UDvVBAeiYA9Tehs7MM=
Subject key identifier:   D4:56:F8:8D:DD:6E:AC:E1:C9:A3:9F:E8:C0:AB:B9:F0:67:94:6D:F4
Certificate issuer:       /CN=c1a4d142d410aab0905112c4ae579076c0e6dc81
Certificate serial:       0196589C26DAC281B03AE4AC3B0711D4F95A
Authority key identifier: C1:A4:D1:42:D4:10:AA:B0:90:51:12:C4:AE:57:90:76:C0:E6:DC:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/waTRQtQQqrCQURLErleQdsDm3IE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/18057a-7c28-44b0-b346-99097670b44e/1/1Fb4jd1urOHJo5_owKu58GeUbfQ.roa
Signing time:             Mon 21 Apr 2025 13:49:10 +0000
ROA not before:           Mon 21 Apr 2025 13:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43549
IP address blocks:        194.116.180.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/18057a-7c28-44b0-b346-99097670b44e/1/waTRQtQQqrCQURLErleQdsDm3IE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/18057a-7c28-44b0-b346-99097670b44e/1/waTRQtQQqrCQURLErleQdsDm3IE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/waTRQtQQqrCQURLErleQdsDm3IE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:58:9c:26:da:c2:81:b0:3a:e4:ac:3b:07:11:d4:f9:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1a4d142d410aab0905112c4ae579076c0e6dc81
        Validity
            Not Before: Apr 21 13:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d456f88ddd6eace1c9a39fe8c0abb9f067946df4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b2:54:3f:a2:54:b6:c3:31:91:f9:e2:2e:43:
                    7d:b3:10:eb:86:a4:fd:84:8e:08:6a:5f:50:04:98:
                    82:95:14:a1:f6:08:a9:b5:d8:3b:0e:0c:7b:f0:b4:
                    bb:f0:b4:e2:86:ba:6a:19:00:c8:8c:17:46:3c:60:
                    83:39:56:a3:56:49:c7:fb:f5:6b:e6:2c:ed:10:0c:
                    12:31:6e:bd:4f:5a:ac:1c:8e:0d:a1:38:64:0e:6a:
                    03:f7:0c:77:3c:90:eb:b4:2a:d3:57:aa:37:f3:c6:
                    3e:c1:c2:6a:44:3b:f0:50:62:8f:a1:19:d2:bd:8e:
                    fe:d1:bf:d2:e7:fb:95:d3:99:b0:cd:74:46:93:8a:
                    3e:6a:f0:62:f3:d2:4d:eb:77:b3:4b:78:12:23:22:
                    6d:aa:96:33:62:72:0e:88:17:e8:0d:64:29:77:9c:
                    5d:40:d0:a9:a0:62:1f:a1:e6:36:14:33:29:7e:1f:
                    19:e9:1a:02:1e:6c:59:12:84:c8:d6:bd:52:56:39:
                    1b:1a:25:41:ca:fc:88:1e:df:63:7d:d5:c1:f1:8b:
                    d7:21:59:6a:0c:9e:7d:a4:6f:a5:02:39:6a:da:f5:
                    27:48:9f:02:9c:97:03:85:94:2b:17:f8:bf:06:a7:
                    fc:08:28:af:c0:3f:ea:06:57:5a:18:93:02:21:e3:
                    1a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:56:F8:8D:DD:6E:AC:E1:C9:A3:9F:E8:C0:AB:B9:F0:67:94:6D:F4
            X509v3 Authority Key Identifier:
                keyid:C1:A4:D1:42:D4:10:AA:B0:90:51:12:C4:AE:57:90:76:C0:E6:DC:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/waTRQtQQqrCQURLErleQdsDm3IE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/18057a-7c28-44b0-b346-99097670b44e/1/1Fb4jd1urOHJo5_owKu58GeUbfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/18057a-7c28-44b0-b346-99097670b44e/1/waTRQtQQqrCQURLErleQdsDm3IE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:f2:81:62:a4:a6:af:e1:f5:c1:0d:d0:7f:c3:9c:0e:fe:68:
         75:de:57:78:bb:0e:14:00:76:69:43:44:5a:09:fa:51:a7:fe:
         d7:98:ed:15:24:25:bb:cc:80:d8:a5:17:04:d1:f8:37:f1:e7:
         44:08:5f:c9:50:22:ba:3d:74:d1:df:81:a4:de:07:71:12:b3:
         65:da:36:d4:af:b7:4e:20:b7:fd:79:fd:bd:a6:bb:ea:50:eb:
         60:d1:1b:bb:eb:0d:ca:c9:23:b3:db:e3:64:5c:75:b6:49:b7:
         e3:fc:bb:9a:4b:9f:4f:af:38:60:b7:17:99:d9:3f:fc:f1:ea:
         da:bb:f0:71:b5:1a:6c:f1:3e:bb:10:a5:33:d4:e0:4f:f2:48:
         55:8d:f9:73:61:92:d4:66:17:18:ca:84:5e:99:1e:5a:78:48:
         35:75:4f:c7:6e:6d:69:2b:b0:9f:7c:35:5f:43:5c:68:24:04:
         ac:e8:32:54:14:fb:38:8a:85:f5:ee:9d:a4:b5:c5:cb:7c:fd:
         a1:fe:c5:4c:72:d0:d1:6a:71:5a:20:af:b7:22:63:d4:37:cb:
         75:7b:d5:b8:ac:33:fc:6a:66:43:e9:d2:cd:f3:75:3e:a5:8a:
         74:79:f3:6d:b6:55:03:fd:62:2b:4c:b0:b2:b0:34:eb:52:44:
         38:f9:68:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZYnCbawoGwOuSsOwcR1PlaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYTRkMTQyZDQxMGFhYjA5MDUxMTJjNGFlNTc5MDc2YzBl
NmRjODEwHhcNMjUwNDIxMTM0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDU2Zjg4ZGRkNmVhY2UxYzlhMzlmZThjMGFiYjlmMDY3OTQ2ZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7JUP6JUtsMxkfniLkN9sxDrhqT9
hI4Ial9QBJiClRSh9giptdg7Dgx78LS78LTihrpqGQDIjBdGPGCDOVajVknH+/Vr
5iztEAwSMW69T1qsHI4NoThkDmoD9wx3PJDrtCrTV6o388Y+wcJqRDvwUGKPoRnS
vY7+0b/S5/uV05mwzXRGk4o+avBi89JN63ezS3gSIyJtqpYzYnIOiBfoDWQpd5xd
QNCpoGIfoeY2FDMpfh8Z6RoCHmxZEoTI1r1SVjkbGiVByvyIHt9jfdXB8YvXIVlq
DJ59pG+lAjlq2vUnSJ8CnJcDhZQrF/i/Bqf8CCivwD/qBldaGJMCIeMaswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRW+I3dbqzhyaOf6MCrufBnlG30MB8GA1UdIwQY
MBaAFMGk0ULUEKqwkFESxK5XkHbA5tyBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2FUUlF0UVFxckNRVVJMRXJsZVFkc0RtM0lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xODA1N2EtN2MyOC00NGIwLWIzNDYt
OTkwOTc2NzBiNDRlLzEvMUZiNGpkMXVyT0hKbzVfb3dLdTU4R2VVYmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xODA1N2EtN2MyOC00NGIwLWIzNDYtOTkwOTc2NzBiNDRl
LzEvd2FUUlF0UVFxckNRVVJMRXJsZVFkc0RtM0lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnS0MA0G
CSqGSIb3DQEBCwUAA4IBAQCs8oFipKav4fXBDdB/w5wO/mh13ld4uw4UAHZpQ0Ra
CfpRp/7XmO0VJCW7zIDYpRcE0fg38edECF/JUCK6PXTR34Gk3gdxErNl2jbUr7dO
ILf9ef29prvqUOtg0Ru76w3KySOz2+NkXHW2Sbfj/LuaS59PrzhgtxeZ2T/88era
u/BxtRps8T67EKUz1OBP8khVjflzYZLUZhcYyoRemR5aeEg1dU/Hbm1pK7CffDVf
Q1xoJASs6DJUFPs4ioX17p2ktcXLfP2h/sVMctDRanFaIK+3ImPUN8t1e9W4rDP8
amZD6dLN83U+pYp0efNttlUD/WIrTLCysDTrUkQ4+Whu
-----END CERTIFICATE-----